PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-40984 Siemens CVE debrief

CVE-2024-40984 is a medium-severity vulnerability (CVSS 5.5) in the ACPICA (ACPI Component Architecture) component, concerning a reverted change to the mapping of multiple Base Address Registers (BARs). According to the vulnerability description, the fix reverts an earlier ACPICA commit that had tried to suppress an informational message about mapping multiple BARs, reassuring users that the kernel was fine. The impact assessment in the source advisory categorizes the issue as misinformed, suggesting the original change may have led to incorrect assumptions about system state or behavior. The vulnerability is relevant to Siemens industrial networking products running SINEC OS, including the RUGGEDCOM RST2428P and SCALANCE X-family switches. The advisory was initially published on August 12, 2025, and has undergone multiple revisions, the most recent on February 25, 2026, reflecting ongoing coordination between CISA and Siemens ProductCERT. No known exploitation or use in ransomware campaigns has been documented.

Vendor: Siemens
Product: RUGGEDCOM RST2428P (6GK6242-6PA00)
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-04-09
Original CVE updated: 2026-05-14
Advisory published: 2024-04-09
Advisory updated: 2026-05-14

Who should care

This affects organizations operating Siemens industrial networking infrastructure, including RUGGEDCOM RST2428P switches and SCALANCE X-family devices (XC-300, XR-300, XC-400, XR-500WG, XR-500, XCM-/XRM-/XCH-/XRH-300 families) running SINEC OS. Critical infrastructure operators in energy, manufacturing, transportation, and other industrial sectors that rely on these devices for network segmentation and OT connectivity should prioritize monitoring vendor advisories and applying patches when they become available.

Technical summary

CVE-2024-40984 stems from a reverted change in ACPICA (ACPI Component Architecture), the reference implementation of the ACPI specification used in the Linux kernel. The original commit attempted to suppress an informational message about mapping multiple Base Address Registers (BARs) with a reassurance that the kernel was functioning correctly. Reverting that change suggests the original modification may have introduced incorrect behavior or assumptions about BAR mapping states. In the context of Siemens industrial products running SINEC OS, this vulnerability could affect ACPI table parsing and hardware resource allocation. The "misinformed" impact classification indicates that system administrators or automated tools may have received inaccurate status information. The vulnerability is rated medium severity (CVSS 5.5), reflecting a limited attack surface in properly configured OT environments but a potential for operational impact if exploited.

Defensive priority

Medium

Recommended defensive actions

  • Review Siemens ProductCERT advisory SSA-355557 for detailed product-specific guidance and patch availability
  • Verify SINEC OS and underlying Linux kernel versions on affected Siemens industrial networking equipment
  • Monitor CISA ICS advisories for updates to ICSA-25-226-07
  • Apply vendor-provided firmware updates for RUGGEDCOM RST2428P and SCALANCE X-family devices when available
  • Implement network segmentation for industrial control systems per CISA recommended practices
  • Ensure defense-in-depth strategies are in place for affected OT environments

Evidence notes

The vulnerability description and impact assessment are drawn directly from the CISA CSAF advisory ICSA-25-226-07, which references Siemens ProductCERT advisory SSA-355557. The affected product list and threat categorization are sourced from the CSAF product tree and threats sections. The revision history confirms the advisory's evolution and continued relevance.

Official resources

2025-08-12